Group Policy Deployment

Overview

This guide will help you deploy the Twosense Agent to your Windows computers using Group Policy.

Steps

1. Create GPO for Twosense Installation

1.1 Software Package Settings

Group Policy has settings that target computers and settings that target users. This guide focuses on targeting computers.

  1. Open the Group Policy Management Console (GPMC) on your domain controller.

  2. Navigate to the OU where you want to apply the GPO, right-click and select "Create a GPO in this domain, and Link it here...".

  3. Name the GPO Twosense Installation and click OK.

  4. Right-click the new GPO and select Edit....

  5. Navigate to Computer Configuration > Policies > Software Settings > Software Installation.

  6. Right-click Software Installation and select New > Package.

  7. Browse to the Twosense MSI file and click Open.

    ⚠️ The MSI file must be on a network share that all computers in the OU can access.

  8. On the Deploy Software dialog, select Advanced and click OK.

  9. Add the version number to the Name field, e.g. Twosense Authenticator 1.0.0.

  10. In the Deployment tab, select Assigned.

    ⚠️ If the Install this application at logon option is greyed out, click Assigned again. It should be enabled now.

  11. Check the box for Install this application at logon.

  12. Check the box for Uninstall this application when it falls out of the scope of management.

    This will uninstall the software if the computer is moved out of the OU where the GPO is linked.

  13. On the Modifications tab, click Add and browse to the *.mst file that was provided to you.

    ⚠️ The MST file must be on a network share that all computers in the OU can access.

  14. Click OK to close the Properties dialog.
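
Group Policy installs the package with elevated rights on every computer in the OU, so the MSI and MST on the share should be readable by those computers but writable only by administrators. The PowerShell pre-flight check below is an added example, not part of the Twosense guide: it reports broad principals that can modify each file and records a SHA-256 hash of what is being deployed. The UNC paths are placeholders, and the list of "broad" principals is an assumption to adjust for your domain.

```powershell
# Added example, not part of the vendor guide. The UNC paths are placeholders.
param(
    [string[]]$PackagePaths = @(
        '\\fileserver.example.local\Deploy\Twosense\Twosense.msi',
        '\\fileserver.example.local\Deploy\Twosense\Twosense.mst'
    )
)

# Broad principals (assumed list): Everyone, Authenticated Users, BUILTIN\Users,
# plus the domain-relative RIDs for Domain Users (513) and Domain Computers (515).
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
$broadRids = '^S-1-5-21-\d+-\d+-\d+-(513|515)$'

# Rights that allow replacing or altering a file, and the right needed to read it.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$readMask  = [int][System.Security.AccessControl.FileSystemRights]'Read'

foreach ($path in $PackagePaths) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Warning "$path is not reachable from this host"
        continue
    }
    $broadRead = $false
    $writers   = @()
    # Resolve ACEs to SIDs so the check does not depend on localized group names.
    $rules = (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (($broadSids -notcontains $sid) -and ($sid -notmatch $broadRids)) { continue }
        $rights = [int]$rule.FileSystemRights
        if (($rights -band $writeMask) -ne 0) { $writers += $sid }
        if (($rights -band $readMask) -eq $readMask) { $broadRead = $true }
    }
    # One result object per file: hash to record, broad writers to remove.
    [pscustomobject]@{
        Path         = $path
        SHA256       = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        BroadWriters = ($writers | Sort-Object -Unique) -join ', '
        BroadReadAce = $broadRead
    }
}
```

BroadWriters should be empty, and if BroadReadAce is False, confirm that the OU's computer accounts can read the file through another group. Get-Acl reads NTFS permissions only; check share-level permissions on the file server (for example with Get-SmbShareAccess).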

1.2 Enable wait for network on startup

In some environments, the installation may fail with error 1274. This happens when the computer does not wait for the network to be available before attempting to install the software. To fix this, enable the "Always wait for the network at computer startup and logon" policy.

  • In the GPO editor, navigate to Computer Configuration > Policies > Administrative Templates > System > Logon.

  • Double-click "Always wait for the network at computer startup and logon".

  • Select "Enabled" and click OK.

2. Test the GPO Deployment

  • In Active Directory Users and Computers, move a test computer to the OU where the GPO is linked.

  • Log in to the test computer and run gpupdate /force from the command prompt.

  • Restart the computer and log in again.

ℹ️ You can verify the installation by checking the Add/Remove Programs list in the Control Panel. However, the Twosense services may not be running yet. This is normal and the services will start after the next reboot.

  • To verify that the installation was successful, restart the computer again and log in. The login event should show up in the Twosense portal under "Event Log".
